Module ghsec::checks::branch_protections

The branch_protections checks the settings on the configured branch protections of a repository.

Branch protections are available for free on all public repositories, and on private repositories with paid plans. They protect matching branches against accidental merges, pushes, deletion and other potentially destructive operations. They are also used for supporting the auto-merge feature for pull requests. Not having branch protections configured, or having them configured incorrectly allows repository owners to make mistakes, or let automated tools break the default branch by pushing incompatible changes.

Due to limitations in the REST API, only branch protections with matching branches can be discovered and checked. For simplicity, this check currently only checks the default branch.

When running with --fix, this check currently does not do anything.

Sources

• GitHub Docs
• GitHub REST API

Structs

• BranchProtection 🔒
• BranchProtections
  Implementation for the repository_secrets check
• ProtectionFlag 🔒
• RequiredPullRequestReviews 🔒
• RequiredStatusChecks 🔒
• Restrictions 🔒